🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Hands On Keyboard

detectors


A Hands-On-Keyboard attack is when a threat actor is manually performing activities on exploited hosts rather than using scripted commands. While this type of constantly evolving threat activity can be inherently difficult to detect with signatures, the confluence of this behavior over finite time windows does lend itself to high-confidence probabilistic detection using machine learning.

This detector scores process events for a set timeframe using machine learning models and then uses these scores to identify potential Hands-On-Keyboard activity, published as alerts to the Secureworks® Taegis™ XDR Dashboard.

Hands On Keyboard Alert

Hands On Keyboard Alert

Information found in high and critical alerts include:

Schema

Process

Outputs

Hands-On-Keyboard alerts pushed to the Secureworks® Taegis™ XDR Dashboard

Configuration Options

None

 

On this page: